Restricting access to services with ipwhitelist

Often it is best to only allow clients from the local network to access some services and restrict access to everyone else. We can do that by using the ipwhitelist middleware from traefik.

Add the following to config/dynamic_config.yml:

http:
  middlewares:
    localonly:
      ipWhiteList:
        sourceRange:
          - "192.168.0.0/24"
          - "127.0.0.1/32"

Everything in the range 192.168.0.0/24 aswell as the machine itself will be whitelisted with these settings. If you want to restrict access to a service, add the following to the labels tag in the docker-compose file:

services:
  traefik:
    labels:
      traefik.http.routers.traefik.middlewares: "localonly@file"

Now traefik for example will only be accessible from within the home network.

Getting started

Adding HTTPS support

Automatically redirect HTTP to HTTPS

Restricting access to services with ipwhitelist

Add custom error pages

Complete setup

TODO

Restricting access to services with ipwhitelist

See also